House Committee Approves P2P Security Bill

Legislation would require government agencies to implement plans to protect sensitive information from file swapping.

Just one day after it was introduced, the House Government Reform Committee approved legislation Thursday aimed at protecting the security and privacy of federal agency computers from the risks posed by peer-to-peer (P2P) file sharing. No comparable legislation has been introduced in the Senate.

Both the House and the Senate have already implemented security measures against P2P security threats through both technical and non-technical means, including firewalls and employee training. The Government Network Security Act of 2003 (H.R. 3159) would require the Executive Branch to take similar steps.

Under the Government Network Security Act of 2003, federal agencies would have six months to develop and implement P2P security plans. The General Accounting Office would have an additional year to review the plans and report to Congress on the results of the review together with any recommendations.

"While most of the news coverage on file sharing focuses on the ability of users to illegally trade copyrighted music, movies, and videos, another less publicized dark side to this technology is the risk it poses to the security of computers and the privacy of electronic information," Rep. Tom Davis (R.-Va.), who co-sponsored the bill with Rep. Henry Waxman (D.-Calif.), said. "Few people recognize these risks. Using these programs is similar to giving a complete stranger access to your personal file cabinet."

The federal government uses and stores a wide variety of classified and sensitive information, including information vital to national security, defense, law enforcement, economic markets, public health, and the environment. Government computers also contain personal and financial information of U.S. citizens and businesses.

Installation of P2P software on government computers can expose this sensitive information to the public.

A Committee on Government Reform staff report issued in May showed how, through a "couple of simple searches" of the most popular P2P programs, personal information such as tax returns, medical records, and confidential legal documents and business files were found.

Instead of banning P2P networks on government computers, a Davis spokesman told internetnews.com, "We didn't want to be that draconian." Neither the legislation, the staff committee report nor the Davis spokesman could cite how many government computers have P2P software installed.

The legislation does contain language that states, "Innovations in peer-to-peer technology for government applications can be pursued on intragovernmental networks that do not pose risks to network security."

Davis added, "File sharing technology is not inherently bad, and it may turn out to have a variety of beneficial applications. However, as our committee has learned, this technology can create serious risks for users. This bill takes a common sense approach to protect the computers and networks of the federal government and the valuable information they contain."